Appl. No. 10/679,186 

Amdt. Dated 4 September 2007 

Amendments to the Claims: 

1. (ORIGINAL): A method of operating an information appliance comprising: 
receive a logic request at an operating system; 

determine if a deception should be provided by the operating system; 
if yes, do one or more of: 

perform a deception action; 

provide a deception response; 

fulfill said logic request; 
if no fulfill the request normally. 

2. (ORIGINAL): A method of operating an information appliance comprising: 
receive a logic request at an operating system; 

determine if communication with external logic is desired; 
if yes: 

using external logic, determine if deception will be performed by the operating system; 
using external logic, decide what deception is to be performed; 
perform a deception action; 
optionally provide a deception response; 
optionally fulfill said logic request action; 
if no: 

evaluate and fulfill said logic request. 

3. (ORIGINAL): A computer program product for use in an information system comprising: 
a computer useable medium having computer readable program code embodied therein, 

said computer program product further comprising: 
computer readable program code enabling a loadable kernel module able to intercept 
system calls; 

wherein said kernel module, after intercepting a system call, grants, refuses to grant, or 
falsifies granting or refusing said system call depending on one or more parameters of 
a system call and/or an entity making said system call; and 

wherein said kernel module, after intercepting a system call, returns either an accurate or 
an inaccurate response to said system call depending on one or more parameters of a 
system call and/or an entity making said system call. 

4. (ORIGINAL): The computer program product of claim 3 further wherein: 

said kernel module comprising a control module and one or more decision modules. 

5. (ORIGINAL): The computer program product of claim 3 further wherein: 

said kernel module can selectively return false responses in response to system calls. 

6. (ORIGINAL): The computer program product of claim 3 further wherein: 

said kernel module can probabilistically return false responses in response to system calls. 

7. (ORIGINAL): The computer program product of claim 3 further comprising: 

computer readable program code that when loaded into an appropriately configured 
information system provides a control mechanism able to identify, mark, and control 
deceptions provided in response to system calls. 

8. (ORIGINAL): The computer program product of claim 3 further wherein: 
said kernel module intercepts all system calls. 

9. (ORIGINAL): The computer program product of claim 3 further wherein: 

said kernel module intercepts one or more system calls analogous to: 

open(); 

read(); 

chdir(); 

stat64(); 

lstat64(); 

setuid(); 

setgid(); 

setgroups32(); 

getdents64(); 

write(); 

unlink(); 

rmdir(); 

getuid32(); 

getgid32(); 

geteuid32(); 

getegid32(); 

getgroups32(); 

chmod(); 

rename(); 

mkdir(); 

delete_module(); or 
socketcall(). 

10. (ORIGINAL): The computer program product of claim 3 further wherein: 

said control module intercepts four or more system calls analogous to: 

open(); 

read(); 

chdir(); 

stat64(); 

lstat64(); 

setuid(); 

setgid(); 

setgroups32(); 

getdents64(); 

write(); 

unlink(); 

rmdir(); 

getuid32(); 

getgid32(); 

geteuid32(); 

getegid32(); 

getgroups32(); 

chmod(); 

rename(); 

mkdir(); 

delete_module(); or 
socketcall(). 

11. (ORIGINAL): The computer program product of claim 3 further comprising: 

a user space interface allowing changes in deception behavior to be made while said 
kernel module is inserted. 

12. (ORIGINAL): The computer program product of claim 3 further comprising: 

a module able to simulate /proc filesystem type system call. 

13. (ORIGINAL): The computer program product of claim 3 further wherein said control 
module can transparently cause deceived processes to access different storage and processing 
areas or systems during a system call. 

14. (ORIGINAL): The computer program product of claim 3 further wherein said control 
module can hide module listings so that said control module does not appear when a lsmod 
type call is executed. 

15. (ORIGINAL): An information processing system comprising logic processing apparatus 
and operating system central logic comprising: 

a caller identifier able to indicate calling entities for deception; 

one or more system calls able to set said caller identifier to mark a calling entity for 
deception; and 

one or more system calls able to read said caller identifier and able to provide deceptive 
responses and/or take deceptive actions when called by an entity marked for deception. 

16. (ORIGINAL): The system of claim 15 further wherein: 

said one or more system calls are able to provide deceptive responses and/or take 
deceptive actions probabilistically. 

17. (ORIGINAL): The system of claim 15 further wherein: 

said one or more system calls are able to provide deceptive responses and/or take 
deceptive actions selectively. 

18. (ORIGINAL): The system of claim 15 further wherein: 

said one or more system calls evaluate one or more system and/or user parameters in 
determining whether to or how to selectively provide deceptive responses or take 
deceptive actions. 

19. (ORIGINAL): The system of claim 15 further comprising: 

a user space interface allowing changes in deception behavior of one or more system calls 
to be made during operation of said operating system central logic. 

20. (ORIGINAL): A method of modifying operation of an information system comprising: 
initiating a requested operating system call; 

deciding among three or more possible responses to said system call; 
wherein said responses comprise an accurate or an inaccurate response to a system call; 
and 

wherein said responses further comprise granting, refusing to grant, or falsifying granting 
or refusing said system call. 

21. (ORIGINAL): The method of claim 20 further wherein said responses further comprise 
modifying said system call request prior to executing said system call. 

22. (ORIGINAL): The method of claim 20 further wherein said responses further comprise 
undetectably redirecting said system call to be performed in another information processing 
environment. 

23. (ORIGINAL): The method of claim 20 further comprising: 
selectively returning false responses to system calls. 

24. (ORIGINAL): The method of claim 20 further comprising: 
probabilistically returning false responses to system calls. 

25. (ORIGINAL): The method of claim 20 further comprising: 

identifying, marking, and controlling deceptions provided in response to system calls 
through a user space interface. 

26. (ORIGINAL): The method of claim 20 further comprising: 
intercepting all system calls by system call control logic. 

27. (ORIGINAL): The method of claim 20 further comprising: 

transparently changing deceived processes to access different storage and processing areas 
or systems during a system call. 

28. (ORIGINAL): A method of defending an information processing system from possibly 
undesired operations comprising: 

initiating an operating system call; 

deciding among a set of possible responses to said system call; and 

wherein said set of possible responses comprises accurate and inaccurate responses. 

29. (ORIGINAL): A method of defending an information processing system from intentional 
and/or unintentional destructive operations comprising: 

intercepting an operating system call; 

deciding among a set of possible responses to said system call; and 

wherein said set of possible responses comprises granting, refusing to grant, falsifying 
granting or refusing, and modifying execution of said system call. 

30. (ORIGINAL): The method of claim 29 further wherein: 

said set of possible responses comprises performing a requested call in a different 
information processing environment. 

31. (ORIGINAL): A method of enhancing security in an information processing comprising: 
modifying two or more system calls to identify entities for deception and/or provide 
deception functions; and 
providing deceptions from a system call to an entity identified for deception. 

32. CANCELLED 

33. (ORIGINAL): A stored program product on a media that when loaded and executed in an 
appropriately configured computer device enables the device to embody the system of claim 
3. 
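
An added illustration, not part of the application or its claims: a user-space C model of the decision recited in claims 3, 15 and 20, in which a call is granted, refused, or answered with a falsified grant or refusal depending on a call parameter and the calling entity. The enum and struct names, the path `/srv/ledger.db`, the uids and the policy itself are assumptions made for the example; no system call is intercepted.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Outcomes recited in claims 3 and 20; the enum names are hypothetical. */
enum verdict { GRANT, REFUSE, FALSE_GRANT, FALSE_REFUSE };
enum op { OP_UNLINK, OP_STAT };

/* "marked" stands in for the caller identifier of claim 15 (constructed model). */
struct caller { int uid; bool marked; };

#define FILE_PATH "/srv/ledger.db"   /* constructed sample path */
#define OWNER_UID 1000               /* constructed sample uid */
static bool file_exists = true;      /* one-file stand-in for real state */

/* Decide from a call parameter (path, op) and the entity making the call. */
enum verdict decide(const struct caller *c, enum op op, const char *path)
{
    if (strcmp(path, FILE_PATH) != 0) return GRANT;  /* nothing to protect */
    if (c->marked) return op == OP_UNLINK ? FALSE_GRANT : FALSE_REFUSE;
    return c->uid == OWNER_UID ? GRANT : REFUSE;
}

/* Returns what the caller is told: 0 or -errno. Only GRANT touches state. */
int model_call(const struct caller *c, enum op op, const char *path)
{
    switch (decide(c, op, path)) {
    case REFUSE:       return -EACCES;   /* accurate denial */
    case FALSE_GRANT:  return 0;         /* claims success, file kept */
    case FALSE_REFUSE: return -ENOENT;   /* claims absence, file present */
    case GRANT:
        if (!file_exists || strcmp(path, FILE_PATH) != 0) return -ENOENT;
        if (op == OP_UNLINK) file_exists = false;
        return 0;
    }
    return -EINVAL;
}

int main(void)
{
    struct caller marked = { 2000, true }, owner = { OWNER_UID, false };
    int r = model_call(&marked, OP_UNLINK, FILE_PATH);
    printf("marked unlink -> %d, file kept: %d\n", r, file_exists);
    printf("marked stat   -> %d\n", model_call(&marked, OP_STAT, FILE_PATH));
    r = model_call(&owner, OP_UNLINK, FILE_PATH);
    printf("owner unlink  -> %d, file kept: %d\n", r, file_exists);
    return 0;
}
```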